Cybercrime

Why Developing Cyber Resilience Requires Emotional Intelligence 

Liability cases are rising as the top leaders of corporations are being held personally accountable for data breaches. The Bank of Ireland, for example, was recently fined a record €24.5m and publicly reprimanded by the Central Bank of Ireland for IT failures dating back to 2008. The visible cost of malicious cybercrime attacks is estimated…
Read More
SolarWinds

Shareholders Seek to Hold Current and Former SolarWinds Officials Liable for Massive 2020 Security Breach

Investors filed a derivative suit claiming that the company knew about, and failed to mitigate known, existing cybersecurity risks and shortfalls prior to the security breach. In early November, pension funds and individual shareholders filed a lawsuit against SolarWinds Corporation (“SolarWinds”) as well as current and former members of the board directors. The suit comes in the…
Read More
Google

Lloyd v Google: A Sigh of Relief for Data Controllers

In unanimously refusing to allow a representative action to proceed, the UK Supreme Court may have sounded the death knell for opt-out class actions in England for data breaches: Lloyd v Google [2021] UKSC 50. The Safari workaround Back in 2011 Apple’s Safari web browser on iPhones blocked all third-party cookies. This prevented popular websites from working…
Read More
PII

Courts Rule on When a Data Breach of PII is Actionable

The Second Circuit recently joined a growing number of federal courts to decide when a data breach of personally identifiable information (“PII”) is actionable. According to the Second Circuit, plaintiffs do not have standing to bring a lawsuit when there is no allegation their PII was targeted or misused. The Second Circuit’s decision To bring…
Read More
Cybersecurity

DOJ Will Use False Claims Act to Target Cybersecurity Fraud

On October 6, Deputy Attorney General Lisa Monaco announced the launch of the US Department of Justice’s (DOJ) Civil Cyber-Fraud Initiative. The DOJ will utilize the False Claims Act (FCA) to pursue cybersecurity related fraud by government contractors and grant recipients.  The False Claims Act was enacted during the Civil War to stamp out fraud…
Read More
Ransomware

Senate Introduces Ransomware Notification Mandate 

The US Senate has introduced a bill that would require businesses with more than 50 employees to report ransomware payments within 24 hours.  (S. 2666), the “Sanction and Stop Ransomware Act of 2021,” was introduced by the Senate Homeland Security Committee and Governmental Affairs Committee and also would apply to nonprofits, state and local government…
Read More
Breach

Attorney-Client Privilege in the Age of Cyber Breaches

Investigations and forensic reports relating to a cybersecurity breach may not always be protected by the attorney-client privilege or work product protection.  Companies seeking such reports after a data breach must take caution to protect them from a possible waiver of privilege in the event of subsequent litigation relating to a data breach. The following…
Read More
Ransomware

New Ransomware Guidance Issued

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued new ransomware guidance, discouraging companies and citizens from paying ransoms. The Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments is the latest step taken by the Biden Administration to curb the increase in ransomware attacks. In…
Read More
Data Security

The Impact of Data Security Incident Trends on Commercial Transactions

The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered on this blog including trends in global breach notification, healthcare industry risks and ransomware. The Report is a helpful tool for companies…
Read More
Back To Top